Description: use-after-free in try_merge_free_space() when mounting a crafted btrfs image
References:
 https://bugzilla.kernel.org/show_bug.cgi?id=199839
 https://patchwork.kernel.org/patch/10503099/
Notes:
 bwh> Upstream fix depends on (at least) commit e06cd3dd7cea
 bwh> "Btrfs: add validadtion checks for chunk loading".
Bugs:
upstream: released (4.19-rc1) [315409b0098fb2651d86553f0436b70502b29bb2]
4.19-upstream-stable: N/A "Fixed before branch point"
4.9-upstream-stable: released (4.9.144) [3c77b07dc365a7ed2644ca0dd38e6e40a9652d57]
3.16-upstream-stable: released (3.16.83) [cdfef40f9557b91384c392a9150bf0bb2b3802c7]
sid: released (4.19.9-1)
4.19-buster-security: N/A "Fixed before branching point"
4.9-stretch-security: released (4.9.144-1)
3.16-jessie-security: released (3.16.84-1)